bad parameter: Link is not supported podman docker-compose #709

Open
zamantech opened this issue Aug 16, 2022 · 8 comments
@zamantech

When I try to run docker-compose up using podman, I get this error output:

Creating single-node_wazuh.dashboard_1 ... error
ERROR: for single-node_wazuh.dashboard_1 Cannot create container for service wazuh.dashboard: bad parameter: Link is not supported
ERROR: for wazuh.dashboard Cannot create container for service wazuh.dashboard: bad parameter: Link is not supported
ERROR: Encountered errors while bringing up the project.

The compose file:

# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.3.6
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.3.6
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.3.6
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 1234:5601
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:

For more, check
https://github.com/wazuh/wazuh-docker

So how can I avoid "links" (use an alternative/solution), since it's not supported by podman/docker (maybe in the future)?
I tried what was suggested on Stack Overflow but got a permission error.

Best Regards

@teddytpc1 teddytpc1 self-assigned this Aug 16, 2022
@teddytpc1
Member

Hi @zamantech.
I was able to deploy the environment using podman 3.4.2 and including the links.
Would you let me know what steps you followed and what podman version you are using, please?
Also, can you share the permission error you are getting?

@zamantech
Author

> Hi @zamantech. I was able to deploy the environment using podman 3.4.2 and including the links. Would you let me know what steps you followed and what podman version you are using, please? Also, can you share the permission error you are getting?

without links

$ docker-compose version

docker-compose version 1.29.2, build 5becea4c
docker-py version: 5.0.0
CPython version: 3.7.10
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

$ podman version

Client:       Podman Engine
Version:      4.1.1
API Version:  4.1.1
Go Version:   go1.17.7
Built:        Mon Jul 11 17:56:53 2022
OS/Arch:      linux/amd64

$ sudo docker-compose up

Creating network "single-node_default" with the default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
Attaching to single-node_wazuh.manager_1, single-node_wazuh.indexer_1, single-node_wazuh.dashboard_1
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1  | Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
wazuh.dashboard_1  | Wazuh APP already configured
wazuh.indexer_1    | [2022-08-17T05:56:58,189][INFO ][o.o.n.Node               ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/4.18.0-372.19.1.el8_6.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
wazuh.indexer_1    | [2022-08-17T05:56:58,193][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
wazuh.indexer_1    | [2022-08-17T05:56:58,194][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-11314594443672652163, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
wazuh.indexer_1    | [2022-08-17T05:57:00,445][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
wazuh.indexer_1    | [2022-08-17T05:57:00,446][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.indexer_1    | [2022-08-17T05:57:00,857][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
wazuh.indexer_1    | [2022-08-17T05:57:00,859][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
wazuh.manager_1    | 2022/08/17 05:57:01 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.indexer_1    | [2022-08-17T05:57:01,522][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
wazuh.indexer_1    | [2022-08-17T05:57:01,523][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
wazuh.indexer_1    | [2022-08-17T05:57:01,523][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
wazuh.indexer_1    | [2022-08-17T05:57:01,524][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1    | [2022-08-17T05:57:01,524][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1    | [2022-08-17T05:57:01,881][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
wazuh.indexer_1    | [2022-08-17T05:57:01,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,896][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/root-ca.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,898][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,899][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:02,272][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
wazuh.indexer_1    | [2022-08-17T05:57:02,274][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
wazuh.indexer_1    | [2022-08-17T05:57:03,279][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
wazuh.indexer_1    | [2022-08-17T05:57:03,282][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
wazuh.indexer_1    | [2022-08-17T05:57:03,305][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
wazuh.indexer_1    | [2022-08-17T05:57:03,313][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
wazuh.indexer_1    | [2022-08-17T05:57:03,368][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
wazuh.indexer_1    | [2022-08-17T05:57:03,370][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
wazuh.indexer_1    | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
wazuh.indexer_1    | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
wazuh.indexer_1    | [2022-08-17T05:57:03,371][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
wazuh.indexer_1    | [2022-08-17T05:57:03,372][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
wazuh.indexer_1    | [2022-08-17T05:57:03,372][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
wazuh.indexer_1    | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
wazuh.indexer_1    | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
wazuh.indexer_1    | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
wazuh.indexer_1    | [2022-08-17T05:57:03,373][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
wazuh.indexer_1    | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
wazuh.indexer_1    | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
wazuh.indexer_1    | [2022-08-17T05:57:03,374][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
wazuh.indexer_1    | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
wazuh.indexer_1    | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
wazuh.indexer_1    | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
wazuh.indexer_1    | [2022-08-17T05:57:03,375][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
wazuh.indexer_1    | [2022-08-17T05:57:03,376][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
wazuh.indexer_1    | [2022-08-17T05:57:03,376][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
wazuh.indexer_1    | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
wazuh.indexer_1    | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
wazuh.indexer_1    | [2022-08-17T05:57:03,377][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
wazuh.indexer_1    | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
wazuh.indexer_1    | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
wazuh.indexer_1    | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
wazuh.indexer_1    | [2022-08-17T05:57:03,378][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
wazuh.indexer_1    | [2022-08-17T05:57:03,379][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
wazuh.indexer_1    | [2022-08-17T05:57:03,379][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
wazuh.indexer_1    | [2022-08-17T05:57:03,380][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
wazuh.indexer_1    | [2022-08-17T05:57:03,380][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
wazuh.indexer_1    | [2022-08-17T05:57:03,405][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
wazuh.indexer_1    | [2022-08-17T05:57:03,421][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/mapper/rhel-var)]], net usable_space [78.3gb], net total_space [120.7gb], types [xfs]
wazuh.indexer_1    | [2022-08-17T05:57:03,422][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
wazuh.indexer_1    | [2022-08-17T05:57:03,567][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [JCe2PdPOTVuDl9_JClcDHQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.

until cancelled by ctrl+c
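
A triage sketch for the log above, added here as an example (it is not part of the original comment or of the Wazuh project's code): it pulls each `Permission denied` path and each OpenSearch `insecure file permissions` warning out of the compose output and maps it to the volume entry that backs it. The function names are made up for illustration; the mount list and log lines are excerpts of the compose file and output posted in this issue.

```python
import re
from collections import defaultdict

# Subset of the "volumes:" entries from the compose file in this issue (source:target).
MOUNTS = {
    "wazuh.manager": [
        "wazuh_api_configuration:/var/ossec/api/configuration",
        "wazuh_etc:/var/ossec/etc",
        "wazuh_logs:/var/ossec/logs",
        "filebeat_etc:/etc/filebeat",
        "./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem",
    ],
    "wazuh.indexer": [
        "wazuh-indexer-data:/var/lib/wazuh-indexer",
        "./config/wazuh_indexer_ssl_certs/admin-key.pem:"
        "/usr/share/wazuh-indexer/config/certs/admin-key.pem",
        "./config/wazuh_indexer/wazuh.indexer.yml:"
        "/usr/share/wazuh-indexer/config/opensearch.yml",
    ],
}

# Excerpt of the `docker-compose up` output posted in this issue.
SAMPLE_LOG = """\
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1  | Wazuh APP already configured
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.indexer_1    | [2022-08-17T05:57:01,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-17T05:57:01,899][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
single-node_wazuh.manager_1 exited with code 0
"""

LINE_RE = re.compile(r"^(?P<svc>\S+?)(?:_\d+)?\s+\|\s?(?P<msg>.*)$")
PATH_RE = re.compile(r"(?<![\w./-])/[\w./+-]+")
DENIED_RE = re.compile(r"permission denied", re.IGNORECASE)
INSECURE_RE = re.compile(r"File (\S+) has insecure file permissions \(should be (\d+)\)")


def split_line(line):
    """Split 'service_N | message' into (service, message); None for other lines."""
    m = LINE_RE.match(line)
    return (m.group("svc"), m.group("msg")) if m else None


def denied_path(msg):
    """Return the path a 'Permission denied' message refers to, or None."""
    hit = DENIED_RE.search(msg)
    if not hit:
        return None
    paths = [(m.start(), m.group().rstrip(".")) for m in PATH_RE.finditer(msg)]
    before = [p for pos, p in paths if pos < hit.start()]
    after = [p for pos, p in paths if pos > hit.start()]
    # Tools usually print "<path>: Permission denied"; Python prints the path after.
    if before:
        return before[-1]
    return after[0] if after else None


def find_mount(service, path):
    """Longest-prefix match of a container path against the service's mounts."""
    best = None
    for entry in MOUNTS.get(service, []):
        source, target = entry.split(":")[:2]
        if path == target or path.startswith(target.rstrip("/") + "/"):
            if best is None or len(target) > len(best[1]):
                best = (source, target)
    if best is None:
        return ("(image filesystem)", "unmounted")
    kind = "bind mount" if best[0].startswith((".", "/")) else "named volume"
    return (best[0], kind)


def triage(log_text):
    """Group findings by (service, mount source, mount kind)."""
    denied, insecure = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parsed = split_line(line)
        if not parsed:
            continue
        service, msg = parsed
        path = denied_path(msg)
        if path:
            denied[(service,) + find_mount(service, path)].add(path)
        warn = INSECURE_RE.search(msg)
        if warn:
            insecure[(service,) + find_mount(service, warn.group(1))].add(warn.group(1))
    return denied, insecure


if __name__ == "__main__":
    denied, insecure = triage(SAMPLE_LOG)
    for title, found in (("Permission denied", denied), ("Insecure mode", insecure)):
        print(title)
        for (service, source, kind), paths in sorted(found.items()):
            print(f"  {service}  {kind}  {source}")
            for p in sorted(paths):
                print(f"      {p}")
```

On this excerpt every denied path falls under a named volume of `wazuh.manager`, while the indexer's 0600 warnings all concern bind-mounted files.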

@zamantech
Author

Any news?

@teddytpc1
Member

Hi @zamantech.
Please provide the steps you used to deploy the environment.
Also:

  1. Remove the environment with docker-compose down.
  2. Remove the volumes created by the deployment.
  3. Remove the created certificates.
  4. Re-create the certificates.
  5. Re-deploy the environment.
  6. Check if it works (provide the error logs if it fails).

Please provide the commands used to perform the previous steps if it fails.

@zamantech
Author

After removing links, is there an effect?
1 - done
2 - done
$ docker mount --all

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
/home/llo/.local/share/containers/storage/overlay/7b1b4e95b6a2560f6e398c63c6806c9628d910389477c2528096c645fc00ed7d/merged

3- done
4-
$ sudo docker-compose -f ./generate-indexer-certs.yml run --rm generator

Creating network "single-node_default" with the default driver
Creating single-node_generator_run ... done
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 25130  100 25130    0     0   5500      0  0:00:04  0:00:04 --:--:--  5501
Cert tool exists in Packages bucket
20/08/2022 17:05:35 INFO: Admin certificates created.
20/08/2022 17:05:35 INFO: Wazuh indexer certificates created.
20/08/2022 17:05:35 INFO: Wazuh server certificates created.
20/08/2022 17:05:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to destination directory
changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker

5-
$ sudo docker-compose up

Creating network "single-node_default" with the default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
Attaching to single-node_wazuh.manager_1, single-node_wazuh.indexer_1, single-node_wazuh.dashboard_1
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1  | Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
wazuh.dashboard_1  | Wazuh APP already configured
wazuh.indexer_1    | [2022-08-20T17:09:35,971][INFO ][o.o.n.Node               ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/4.18.0-372.19.1.el8_6.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
wazuh.indexer_1    | [2022-08-20T17:09:35,978][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
wazuh.indexer_1    | [2022-08-20T17:09:35,979][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-5245442347013714932, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.indexer_1    | [2022-08-20T17:09:37,897][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
wazuh.indexer_1    | [2022-08-20T17:09:37,898][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.indexer_1    | [2022-08-20T17:09:38,343][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
wazuh.indexer_1    | [2022-08-20T17:09:38,347][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
wazuh.manager_1    | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1    | [2022-08-20T17:09:39,250][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
wazuh.indexer_1    | [2022-08-20T17:09:39,251][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
wazuh.indexer_1    | [2022-08-20T17:09:39,252][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
wazuh.indexer_1    | [2022-08-20T17:09:39,252][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1    | [2022-08-20T17:09:39,253][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2, TLSv1.1]
wazuh.indexer_1    | [2022-08-20T17:09:39,697][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
wazuh.indexer_1    | [2022-08-20T17:09:39,708][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin-key.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:39,710][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/admin.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:39,710][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/root-ca.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:39,712][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:39,713][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:39,714][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
wazuh.indexer_1    | [2022-08-20T17:09:40,073][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
wazuh.indexer_1    | [2022-08-20T17:09:40,074][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
wazuh.indexer_1    | [2022-08-20T17:09:40,987][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
wazuh.indexer_1    | [2022-08-20T17:09:40,990][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
wazuh.indexer_1    | [2022-08-20T17:09:41,019][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
wazuh.indexer_1    | [2022-08-20T17:09:41,028][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
wazuh.indexer_1    | [2022-08-20T17:09:41,083][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
wazuh.indexer_1    | [2022-08-20T17:09:41,087][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
wazuh.indexer_1    | [2022-08-20T17:09:41,088][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
wazuh.indexer_1    | [2022-08-20T17:09:41,088][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
wazuh.indexer_1    | [2022-08-20T17:09:41,089][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
wazuh.indexer_1    | [2022-08-20T17:09:41,090][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
wazuh.indexer_1    | [2022-08-20T17:09:41,090][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
wazuh.indexer_1    | [2022-08-20T17:09:41,091][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
wazuh.indexer_1    | [2022-08-20T17:09:41,091][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
wazuh.indexer_1    | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
wazuh.indexer_1    | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
wazuh.indexer_1    | [2022-08-20T17:09:41,092][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
wazuh.indexer_1    | [2022-08-20T17:09:41,093][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
wazuh.indexer_1    | [2022-08-20T17:09:41,094][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
wazuh.indexer_1    | [2022-08-20T17:09:41,094][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
wazuh.indexer_1    | [2022-08-20T17:09:41,095][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
wazuh.indexer_1    | [2022-08-20T17:09:41,095][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
wazuh.indexer_1    | [2022-08-20T17:09:41,096][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
wazuh.indexer_1    | [2022-08-20T17:09:41,096][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
wazuh.indexer_1    | [2022-08-20T17:09:41,098][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
wazuh.indexer_1    | [2022-08-20T17:09:41,098][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
wazuh.indexer_1    | [2022-08-20T17:09:41,099][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
wazuh.indexer_1    | [2022-08-20T17:09:41,099][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
wazuh.indexer_1    | [2022-08-20T17:09:41,100][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
wazuh.indexer_1    | [2022-08-20T17:09:41,100][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
wazuh.indexer_1    | [2022-08-20T17:09:41,101][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
wazuh.indexer_1    | [2022-08-20T17:09:41,101][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
wazuh.indexer_1    | [2022-08-20T17:09:41,102][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
wazuh.indexer_1    | [2022-08-20T17:09:41,102][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
wazuh.indexer_1    | [2022-08-20T17:09:41,103][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
wazuh.indexer_1    | [2022-08-20T17:09:41,103][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
wazuh.indexer_1    | [2022-08-20T17:09:41,140][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
wazuh.indexer_1    | [2022-08-20T17:09:41,171][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/mapper/rhel-var)]], net usable_space [78.5gb], net total_space [120.7gb], types [xfs]
wazuh.indexer_1    | [2022-08-20T17:09:41,173][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
wazuh.indexer_1    | [2022-08-20T17:09:41,447][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [JCe2PdPOTVuDl9_JClcDHQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:43Z","tags":["info","plugins-service"],"pid":39,"message":"Plugin \"visTypeXy\" is disabled."}
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:43Z","tags":["info","plugins-system"],"pid":39,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:44Z","tags":["info","savedobjects-service"],"pid":39,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:45 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.indexer_1    | [2022-08-20T17:09:46,894][WARN ][o.o.s.c.Salt             ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
wazuh.indexer_1    | [2022-08-20T17:09:46,913][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
wazuh.indexer_1    | [2022-08-20T17:09:46,916][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
wazuh.indexer_1    | [2022-08-20T17:09:46,916][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Message routing enabled: false
wazuh.indexer_1    | [2022-08-20T17:09:46,993][INFO ][o.o.s.f.SecurityFilter   ] [wazuh.indexer] <NONE> indices are made immutable.
wazuh.indexer_1    | [2022-08-20T17:09:47,468][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
wazuh.indexer_1    | WARNING: An illegal reflective access operation has occurred
wazuh.indexer_1    | WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
wazuh.indexer_1    | WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
wazuh.indexer_1    | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
wazuh.indexer_1    | WARNING: All illegal access operations will be denied in a future release
wazuh.indexer_1    | [2022-08-20T17:09:48,185][INFO ][o.o.t.NettyAllocator     ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=512mb}]
wazuh.indexer_1    | [2022-08-20T17:09:48,306][INFO ][o.o.d.DiscoveryModule    ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
wazuh.indexer_1    | [2022-08-20T17:09:48,800][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.indexer_1    | [2022-08-20T17:09:49,316][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
wazuh.indexer_1    | [2022-08-20T17:09:49,383][INFO ][o.o.n.Node               ] [wazuh.indexer] initialized
wazuh.indexer_1    | [2022-08-20T17:09:49,383][INFO ][o.o.n.Node               ] [wazuh.indexer] starting ...
wazuh.indexer_1    | [2022-08-20T17:09:49,506][INFO ][o.o.t.TransportService   ] [wazuh.indexer] publish_address {10.89.0.6:9300}, bound_addresses {[::]:9300}
wazuh.indexer_1    | [2022-08-20T17:09:49,725][WARN ][o.o.b.BootstrapChecks    ] [wazuh.indexer] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
wazuh.indexer_1    | [2022-08-20T17:09:49,727][INFO ][o.o.c.c.Coordinator      ] [wazuh.indexer] cluster UUID [tUGlMOLXQxi80sjRUMGhSw]
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.indexer_1    | [2022-08-20T17:09:49,827][INFO ][o.o.c.s.MasterService    ] [wazuh.indexer] elected-as-master ([1] nodes joined)[{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 9, version: 42, delta: master node changed {previous [], current [{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...
wazuh.indexer_1    | [2022-08-20T17:09:49,889][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] master node changed {previous [], current [{wazuh.indexer}{JCe2PdPOTVuDl9_JClcDHQ}{x3YQUTMoQ7G2_qncz-StkQ}{10.89.0.6}{10.89.0.6:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 9, version: 42, reason: Publication{term=9, version=42}
wazuh.indexer_1    | [2022-08-20T17:09:49,913][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
wazuh.indexer_1    | [2022-08-20T17:09:49,914][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
wazuh.indexer_1    | [2022-08-20T17:09:49,940][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {10.89.0.6:9200}, bound_addresses {[::]:9200}
wazuh.indexer_1    | [2022-08-20T17:09:49,941][INFO ][o.o.n.Node               ] [wazuh.indexer] started
wazuh.indexer_1    | [2022-08-20T17:09:49,942][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
wazuh.indexer_1    | [2022-08-20T17:09:49,943][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
wazuh.indexer_1    | [2022-08-20T17:09:49,943][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
wazuh.indexer_1    | [2022-08-20T17:09:49,944][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:49Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:49Z","tags":["error","savedobjects-service"],"pid":39,"message":"Unable to retrieve version information from OpenSearch nodes."}
wazuh.indexer_1    | [2022-08-20T17:09:50,029][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Node added: [JCe2PdPOTVuDl9_JClcDHQ]
wazuh.indexer_1    | [2022-08-20T17:09:50,037][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Add data node to AD version hash ring: JCe2PdPOTVuDl9_JClcDHQ
wazuh.indexer_1    | [2022-08-20T17:09:50,039][INFO ][o.o.g.GatewayService     ] [wazuh.indexer] recovered [1] indices into cluster_state
wazuh.indexer_1    | [2022-08-20T17:09:50,041][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] All nodes with known AD version: {JCe2PdPOTVuDl9_JClcDHQ=ADNodeInfo{version=1.2.4, isEligibleDataNode=true}}
wazuh.indexer_1    | [2022-08-20T17:09:50,042][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
wazuh.indexer_1    | [2022-08-20T17:09:50,042][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Build AD version hash ring successfully
wazuh.indexer_1    | [2022-08-20T17:09:50,044][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] Start migrating AD data
wazuh.indexer_1    | [2022-08-20T17:09:50,044][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
wazuh.indexer_1    | [2022-08-20T17:09:50,045][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
wazuh.indexer_1    | [2022-08-20T17:09:50,047][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
wazuh.indexer_1    | [2022-08-20T17:09:50,049][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
wazuh.indexer_1    | [2022-08-20T17:09:50,701][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]).
wazuh.indexer_1    | [2022-08-20T17:09:50,787][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:50,979][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:50,980][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,000][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,001][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,029][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,029][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,060][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,060][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,080][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,081][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,087][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,087][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
wazuh.indexer_1    | [2022-08-20T17:09:51,092][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,092][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
wazuh.indexer_1    | [2022-08-20T17:09:51,097][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,098][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
wazuh.indexer_1    | [2022-08-20T17:09:51,130][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
wazuh.indexer_1    | [2022-08-20T17:09:51,383][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
wazuh.indexer_1    | [2022-08-20T17:09:51,385][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
wazuh.indexer_1    | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
wazuh.indexer_1    | [2022-08-20T17:09:51,386][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,387][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
wazuh.indexer_1    | [2022-08-20T17:09:51,387][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
wazuh.indexer_1    | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
wazuh.indexer_1    | [2022-08-20T17:09:51,388][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,389][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
wazuh.indexer_1    | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,390][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
wazuh.indexer_1    | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
wazuh.indexer_1    | [2022-08-20T17:09:51,391][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
wazuh.indexer_1    | [2022-08-20T17:09:51,392][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
wazuh.indexer_1    | [2022-08-20T17:09:51,393][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
wazuh.indexer_1    | [2022-08-20T17:09:51,393][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
single-node_wazuh.manager_1 exited with code 0
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:38 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:45 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:52 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
wazuh.manager_1    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
wazuh.manager_1    | [s6-init] ensuring user provided files have correct perms...exited 0.
wazuh.manager_1    | [fix-attrs.d] applying ownership & permissions fixes...
wazuh.manager_1    | [fix-attrs.d] done.
wazuh.manager_1    | [cont-init.d] executing container initialization scripts...
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: executing... 
wazuh.manager_1    | /var/ossec/data_tmp/permanent/var/ossec/api/configuration/
wazuh.manager_1    | find: '/var/ossec/api/configuration': Permission denied
wazuh.manager_1    | Installing /var/ossec/api/configuration
wazuh.manager_1    | Error executing command: 'cp -a /var/ossec/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration'.
wazuh.manager_1    | Exiting.
wazuh.manager_1    | [cont-init.d] 0-wazuh-init: exited 1.
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: executing... 
wazuh.manager_1    | Customize Elasticsearch ouput IP
wazuh.manager_1    | sed: can't read /etc/filebeat/filebeat.yml: Permission denied
wazuh.manager_1    | [cont-init.d] 1-config-filebeat: exited 2.
wazuh.manager_1    | [cont-init.d] 2-manager: executing... 
wazuh.manager_1    | /var/run/s6/etc/cont-init.d/2-manager: line 85: /var/ossec/api/configuration/admin.json: Permission denied
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:09:57Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.manager_1    | wazuh-apid: There is an error in the ossec.conf file: [Errno 13] Permission denied: '/var/ossec/etc/ossec.conf'
wazuh.manager_1    | rm: cannot remove '/var/ossec/api/configuration/admin.json': Permission denied
wazuh.manager_1    | 2022/08/20 17:09:58 wazuh-csyslogd: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
wazuh.manager_1    | wazuh-csyslogd: Configuration error. Exiting
wazuh.manager_1    | [cont-init.d] 2-manager: exited 1.
wazuh.manager_1    | [cont-init.d] done.
wazuh.manager_1    | [services.d] starting services
wazuh.manager_1    | starting Filebeat
wazuh.manager_1    | tail: cannot open '/var/ossec/logs/ossec.log' for reading: Permission denied
wazuh.manager_1    | [services.d] done.
wazuh.manager_1    | Exiting: error loading config file: stat /etc/filebeat/filebeat.yml: permission denied
wazuh.manager_1    | Filebeat exited. code=1
wazuh.manager_1    | [cont-finish.d] executing container finish scripts...
wazuh.manager_1    | [cont-finish.d] done.
wazuh.manager_1    | [s6-finish] waiting for services.
wazuh.manager_1    | [s6-finish] sending all processes the TERM signal.
wazuh.dashboard_1  | {"type":"log","@timestamp":"2022-08-20T17:10:00Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: getaddrinfo ENOTFOUND wazuh.indexer wazuh.indexer:9200"}
wazuh.manager_1    | [s6-finish] sending all processes the KILL signal and exiting.
^CGracefully stopping... (press Ctrl+C again to force)
Stopping single-node_wazuh.dashboard_1 ... done
Stopping single-node_wazuh.manager_1   ... done
Stopping single-node_wazuh.indexer_1   ... done

6- when accessing the web interface
Wazuh dashboard server is not ready yet

7- when running compose up
$ sudo docker ps

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID  IMAGE                                  COMMAND            CREATED        STATUS                     PORTS                                                                             NAMES
cb2a7bf9211b  docker.io/wazuh/wazuh-indexer:4.3.6    opensearchwrapper  5 minutes ago  Up 33 seconds ago          0.0.0.0:9200->9200/tcp                                                            single-node_wazuh.indexer_1
35252f53bb06  docker.io/wazuh/wazuh-manager:4.3.6                       5 minutes ago  Up Less than a second ago  0.0.0.0:1514-1515->1514-1515/tcp, 0.0.0.0:55000->55000/tcp, 0.0.0.0:514->514/udp  single-node_wazuh.manager_1
24090bcabe96  docker.io/wazuh/wazuh-dashboard:4.3.6                     5 minutes ago  Up 33 seconds ago          0.0.0.0:443->5601/tcp                                                             single-node_wazuh.dashboard_1

@teddytpc1
Member

Hi @zamantech.
For step 2 the command should be something like this:
docker volume rm $(docker volume ls -f name=single-node_ -q)
Make sure all the deployment volumes are removed using:
docker volume ls

Please repeat the procedure using these commands for step 2.

@helpcomputer19

I was seeing similar errors in my environment. The issue was SELinux. Temporarily disabling SELinux allowed the service to start with no errors. Of course, disabling SELinux is not the recommended solution but you could try it to see the errors go away. If so, you know what the issue is and now you just need to create some exceptions.

@Brettdah

In my opinion, disabling SELinux is part of a troubleshooting method ;) Set it to permissive so it will log the problems, and you can then do something about it, audit2allow being the worst because it will set a generic permission instead of setting the right context. If you disable SELinux, yes, you will see that it is the culprit, but you will not have logs to do anything about it! Usually when I start a service I always set SELinux to permissive for at least 1 week during testing, exploring as many functionalities as possible, then I check the audit logs of the week for any denials and I fix the context for the app ;)
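
The review step described in the comment above (run permissive, then read the audit log for denials and fix the file context) can be sketched as a small parser that groups AVC denials by source type, target type and object class. This is an added example, not code from the thread or from the Wazuh project; the audit lines are constructed, and the SELinux types in them (`container_t`, `var_lib_t`) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the issue). File names mirror the
# manager log above; the SELinux types, pids and inodes are assumed values.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1661015385.101:901): avc:  denied  { read } for  pid=4101 comm="sed" name="filebeat.yml" dev="dm-0" ino=7001 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1661015385.101:901): arch=c000003e syscall=257 success=yes exit=3 comm="sed"
type=AVC msg=audit(1661015386.220:902): avc:  denied  { read open } for  pid=4102 comm="tail" name="ossec.log" dev="dm-0" ino=7002 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1661015387.330:903): avc:  denied  { write } for  pid=4103 comm="cp" name="configuration" dev="dm-0" ino=7003 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC denial as a dict, or None for any other audit record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {
        "perms": set(m.group("perms").split()),
        "comm": f.get("comm", "?"),
        "name": f.get("name", "?"),
        "source_type": f.get("scontext", "::?").split(":")[2],
        "target_type": f.get("tcontext", "::?").split(":")[2],
        "tclass": f.get("tclass", "?"),
        "enforced": f.get("permissive") == "0",  # 0 = access was really blocked
    }

def summarize(log_text):
    """Group denials by (source type, target type, class) for context review."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "enforced": False})
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        g = groups[(d["source_type"], d["target_type"], d["tclass"])]
        g["perms"] |= d["perms"]
        g["names"].add(d["name"])
        g["enforced"] |= d["enforced"]
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_AUDIT_LOG).items()):
        mode = "blocked" if g["enforced"] else "logged only (permissive)"
        print(f"{src} -> {tgt} [{cls}] {sorted(g['perms'])} on {sorted(g['names'])}: {mode}")
```

Each output group is one source-type/target-type pair, which is the unit a file-context fix addresses, as opposed to a broad generated allow rule.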
